Obsloctap next round

applications/obsloctap/README.md

@@ -16,11 +16,21 @@ Publish observing schedule
 | config.separateSecrets | bool | `false` | Whether to use the new secrets management scheme |
 | config.volume_mounts | list | `[]` | Mount points for additional volumes |
 | config.volumes | list | `[]` | Additional volumes to attach |
+| consumekafka.image.pullPolicy | string | `"IfNotPresent"` | Pull policy for the obsloctap image |
+| consumekafka.image.repository | string | `"ghcr.io/lsst-dm/consumekafka"` | obsloctap image to use |
+| consumekafka.image.tag | string | The appVersion of the chart | Tag of image to use |
 | environment | object | `{}` | Environment variables (e.g. butler configuration/auth parms) for panel |
 | global.baseUrl | string | Set by Argo CD | Base URL for the environment |
 | global.host | string | Set by Argo CD | Host name for ingress |
 | global.vaultSecretsPath | string | Set by Argo CD | Base path for Vault secrets |
-| image.pullPolicy | string | `"IfNotPresent"` | Pull policy for the obsloctap image |
-| image.repository | string | `"ghcr.io/lsst-dm/obsloctap"` | obsloctap image to use |
-| image.tag | string | The appVersion of the chart | Tag of obsloctap image to use |
 | ingress.annotations | object | `{}` | Additional annotations to add to the ingress |
+| kafka.bootstrap | string | `"sasquatch-kafka-bootstrap.sasquatch:9092"` | Kafka bootstrap server |
+| kafka.group_id | string | `"obsloctap-consumer"` | Name of Kafka consumer group |
+| kafka.schema_url | string | `"http://sasquatch-schema-registry.sasquatch:8081"` | Kafka Avro schema server URL |
+| kafka.username | string | `"obsloctap"` | Username for SASL_PLAIN authentication |
+| lfa.access_key | string | `""` | Access key for LFA bucket |
+| lfa.bucket_prefix | string | `""` | Prefix for LFA bucket (e.g. for Ceph tenant specification) |
+| lfa.s3EndpointUrl | string | `""` | url |
+| obsloctap.image.pullPolicy | string | `"IfNotPresent"` | Pull policy for the obsloctap image |
+| obsloctap.image.repository | string | `"ghcr.io/lsst-dm/obsloctap"` | obsloctap image to use |
+| obsloctap.image.tag | string | The appVersion of the chart | Tag of image to use |

applications/obsloctap/secrets.yaml

@@ -10,3 +10,12 @@
 "database":
   description: >-
     PostgreSQL database the Butler database.
+obsloctap-password:
+  description: >-
+    Kafka password for obsloctap user
+  copy:
+    application: sasquatch
+    key: obsloctap-password
+lfa-password:
+  description: >-
+    LFA password

applications/obsloctap/templates/consumekafka-deployment.yaml

@@ -0,0 +1,102 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: "obsloctap-consumekafka"
+  labels:
+    {{- include "obsloctap.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "obsloctap.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        component:
+        {{- include "obsloctap.selectorLabels" . | nindent 8 }}
+    spec:
+      automountServiceAccountToken: false
+      containers:
+        - name: "obsloctap-consumekafka"
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - "all"
+            readOnlyRootFilesystem: true
+          image: "{{ .Values.consumekafka.image.repository }}:{{ .Values.consumekafka.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.consumekafka.image.pullPolicy }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          env:
+            - name: "database"
+              valueFrom:
+                secretKeyRef:
+                  name: obsloctap-postgres
+                  key: "database"
+            - name: "database_user"
+              valueFrom:
+                secretKeyRef:
+                  name: obsloctap-postgres
+                  key: "username"
+            - name: "database_url"
+              valueFrom:
+                secretKeyRef:
+                  name: obsloctap-postgres
+                  key: "url"
+            - name: "database_password"
+              valueFrom:
+                secretKeyRef:
+                  name: obsloctap-postgres
+                  key: "password"
+            - name: "INSTRUMENT"
+              value: "LSSTCam"
+            - name: "LOG_CONFIG"
+              value: "{{ .Values.consumekafka.logConfig }}"
+            - name: "AWS_ACCESS_KEY_ID"
+              valueFrom:
+                secretKeyRef:
+                  name: obsloctap
+                  key: "lfa-key"
+            - name: "AWS_SECRET_ACCESS_KEY"
+              valueFrom:
+                secretKeyRef:
+                  name: obsloctap
+                  key: "lfa-password"
+            - name: "BUCKET_PREFIX"
+              value: "{{ .Values.lfa.bucket_prefix }}"
+            - name: "S3_ENDPOINT_URL"
+              value: "{{ .Values.lfa.s3EndpointUrl }}"
+            - name: "KAFKA_BOOTSTRAP"
+              value: "{{ .Values.kafka.bootstrap }}"
+            - name: "KAFKA_USERNAME"
+              value: "{{ .Values.kafka.username }}"
+            - name: "KAFKA_PASSWORD"
+              valueFrom:
+                secretKeyRef:
+                  name: sasquatch
+                  key: "obsloctap-password"
+            - name: "KAFKA_GROUP_ID"
+              value: "{{ .Values.kafka.group_id }}"
+            - name: "SCHEMA_URL"
+              value: "{{ .Values.kafka.schema_url }}"
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1000
+        runAsGroup: 1000
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

applications/obsloctap/templates/deployment.yaml → applications/obsloctap/templates/obsloctap-deployment.yaml

@@ -74,6 +74,20 @@ spec:
                 secretKeyRef:
                   name: obsloctap-postgres
                   key: "password"
+            - name: "KAFKA_BOOTSTRAP"
+              value: "{{ .Values.kafka.bootstrap }}"
+            - name: "KAFKA_USERNAME"
+              value: "{{ .Values.kafka.username }}"
+            - name: "KAFKA_PASSWORD"
+              valueFrom:
+                secretKeyRef:
+                  name: sasquatch
+                  key: "obsloctap-password"
+            - name: "KAFKA_GROUP_ID"
+              value: "{{ .Values.kafka.group_id }}"
+            - name: "SCHEMA_URL"
+              value: "{{ .Values.kafka.schema_url }}"
+
 {{- range $key, $value := .Values.environment }}
             - name: {{ $key | quote }}
               value: {{ $value | quote }}

applications/obsloctap/values.yaml

@@ -1,13 +1,26 @@
-image:
-  # -- obsloctap image to use
-  repository: "ghcr.io/lsst-dm/obsloctap"
+obsloctap:
+  image:
+    # -- obsloctap image to use
+    repository: "ghcr.io/lsst-dm/obsloctap"
 
-  # -- Pull policy for the obsloctap image
-  pullPolicy: "IfNotPresent"
+    # -- Pull policy for the obsloctap image
+    pullPolicy: "IfNotPresent"
 
-  # -- Tag of obsloctap image to use
-  # @default -- The appVersion of the chart
-  tag: "tickets-dm-38824"
+    # -- Tag of image to use
+    # @default -- The appVersion of the chart
+    tag: "tickets-dm-44729"
+
+consumekafka:
+  image:
+    # -- obsloctap image to use
+    repository: "ghcr.io/lsst-dm/consumekafka"
+
+    # -- Pull policy for the obsloctap image
+    pullPolicy: "IfNotPresent"
+
+    # -- Tag of image to use
+    # @default -- The appVersion of the chart
+    tag: "tickets-dm-44729`"
 
 # -- Environment variables (e.g. butler configuration/auth parms) for panel
 environment: {}
@@ -35,6 +48,25 @@ config:
   # -- time span, if a time is provided in the query how man hours to look back
   obsplanTimeSpan: 24
 
+
+kafka:
+  # -- Kafka bootstrap server
+  bootstrap: "sasquatch-kafka-bootstrap.sasquatch:9092"
+  # -- Kafka Avro schema server URL
+  schema_url: "http://sasquatch-schema-registry.sasquatch:8081"
+  # -- Username for SASL_PLAIN authentication
+  username: "obsloctap"
+  # -- Name of Kafka consumer group
+  group_id: "obsloctap-consumer"
+
+lfa:
+  # -- Access key for LFA bucket
+  access_key: ""
+  # -- Prefix for LFA bucket (e.g. for Ceph tenant specification)
+  bucket_prefix: ""
+  # -- url
+  s3EndpointUrl: ""
+
 # The following will be set by parameters injected by Argo CD and should not
 # be set in the individual environment values files.
 global: